By WalkingTree  December 11,  2020

Why Secrets Management is critical to DevOps pipeline security

Developers often leave sensitive pieces of code embedded in applications and files. One popular real-world example is the way in which some developers use GitHub, a hugely popular source-code management system. Most developers use GitHub casually, leading to an increased risk of insider threats and hacking incidents. In 2016, Uber’s source code repository was hacked via GitHub, accessing the intellectual property and the personal data of more than 7 million Uber drivers and 50 million users. 

Keeping the secrets in a file and allowing access to a wider set of people will be a serious challenge. One way to solve this problem is to keep the secrets in a file but in an encrypted format and ensure only limited people can decrypt. Secrets management is challenging, especially for DevOps. Let’s take a look at why:

  • Increased adoption of cloud-native development has led to a decentralization of secrets. If left to their own devices, these secrets can sprawl over time, leading to data breaches and privacy concerns.
  • Many DevOps teams use different tools and often struggle to have a centralized system that can integrate with all these tools. Cloud-native secrets management tools are limited to a specific cloud provider. 
  • Most enterprises are unaware of where their secrets are located or who has access to them. This lack of understanding of the functioning of the DevOps pipeline often increases the risk of a data breach.

Read on to know more about Secrets management and why it is crucial for DevOps.


Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.